Aufzählung Griffnamen Problem

Question

Ich habe einen Weg gefunden, andere Programme aufzuzählen, aber ich habe jetzt ein Problem. Ich kann keine Prozessthreads sehen. Ich muss überprüfen, welche Programme Griffe für meinen Prozess öffnen.

Wenn ich die Ausgabe überprüfe, ist es "ungenannt", ich weiß nicht, wie man es repariert.

Soll ich das über dirver tun? oder eine andere Möglichkeit, dies ohne Fahrer zu tun?

pid = _wtoi(argv[1]); 

if (!(processHandle = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid))) 
{ 
    printf("Could not open PID %d! (Don't try to open a system process.)\n", pid); 
    return 1; 
} 

handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc(handleInfoSize); 

/* NtQuerySystemInformation won't give us the correct buffer size, 
    so we guess by doubling the buffer size. */ 
while ((status = NtQuerySystemInformation(
    SystemHandleInformation, 
    handleInfo, 
    handleInfoSize, 
    NULL 
    )) == STATUS_INFO_LENGTH_MISMATCH) 
    handleInfo = (PSYSTEM_HANDLE_INFORMATION)realloc(handleInfo, handleInfoSize *= 2); 

/* NtQuerySystemInformation stopped giving us STATUS_INFO_LENGTH_MISMATCH. */ 
if (!NT_SUCCESS(status)) 
{ 
    printf("NtQuerySystemInformation failed!\n"); 
    return 1; 
} 

for (i = 0; i < handleInfo->HandleCount; i++) 
{ 
    SYSTEM_HANDLE handle = handleInfo->Handles[i]; 
    HANDLE dupHandle = NULL; 
    POBJECT_TYPE_INFORMATION objectTypeInfo; 
    PVOID objectNameInfo; 
    UNICODE_STRING objectName; 
    ULONG returnLength; 

    /* Check if this handle belongs to the PID the user specified. */ 
    if (handle.ProcessId != pid) 
     continue; 

    /* Duplicate the handle so we can query it. */ 
    if (!NT_SUCCESS(NtDuplicateObject(
     processHandle, 
     handle.Handle, 
     GetCurrentProcess(), 
     &dupHandle, 
     0, 
     0, 
     0 
     ))) 
    { 
     printf("[%#x] Error!\n", handle.Handle); 
     continue; 
    } 

    /* Query the object type. */ 
    objectTypeInfo = (POBJECT_TYPE_INFORMATION)malloc(0x1000); 
    if (!NT_SUCCESS(NtQueryObject(
     dupHandle, 
     ObjectTypeInformation, 
     objectTypeInfo, 
     0x1000, 
     NULL 
     ))) 
    { 
     printf("[%#x] Error!\n", handle.Handle); 
     CloseHandle(dupHandle); 
     continue; 
    } 

    /* Query the object name (unless it has an access of 
     0x0012019f, on which NtQueryObject could hang. */ 
    if (handle.GrantedAccess == 0x0012019f) 
    { 
     /* We have the type, so display that. */ 
     printf(
      "[%#x] %.*S: (did not get name)\n", 
      handle.Handle, 
      objectTypeInfo->Name.Length/2, 
      objectTypeInfo->Name.Buffer 
      ); 
     free(objectTypeInfo); 
     CloseHandle(dupHandle); 
     continue; 
    } 

    objectNameInfo = malloc(0x1000); 
    if (!NT_SUCCESS(NtQueryObject(
     dupHandle, 
     ObjectNameInformation, 
     objectNameInfo, 
     0x1000, 
     &returnLength 
     ))) 
    { 
     /* Reallocate the buffer and try again. */ 
     objectNameInfo = realloc(objectNameInfo, returnLength); 
     if (!NT_SUCCESS(NtQueryObject(
      dupHandle, 
      ObjectNameInformation, 
      objectNameInfo, 
      returnLength, 
      NULL 
      ))) 
     { 
      /* We have the type name, so just display that. */ 
      printf(
       "[%#x] %.*S: (could not get name)\n", 
       handle.Handle, 
       objectTypeInfo->Name.Length/2, 
       objectTypeInfo->Name.Buffer 
       ); 
      free(objectTypeInfo); 
      free(objectNameInfo); 
      CloseHandle(dupHandle); 
      continue; 
     } 
    } 

    /* Cast our buffer into an UNICODE_STRING. */ 
    objectName = *(PUNICODE_STRING)objectNameInfo; 

    /* Print the information! */ 
    if (objectName.Length) 
    { 
     /* The object has a name. */ 
     printf(
      "[%#x] %.*S: %.*S\n", 
      handle.Handle, 
      objectTypeInfo->Name.Length/2, 
      objectTypeInfo->Name.Buffer, 
      objectName.Length/2, 
      objectName.Buffer 
      ); 
    } 
    else 
    { 
     /* Print something else. */ 
     printf(
      "[%#x] %.*S: (unnamed)\n", 
      handle.Handle, 
      objectTypeInfo->Name.Length/2, 
      objectTypeInfo->Name.Buffer 
      ); 
    } 

    free(objectTypeInfo); 
    free(objectNameInfo); 
    CloseHandle(dupHandle); 
} 

free(handleInfo); 
CloseHandle(processHandle); 

return 0; 

Answer 1

void SearchMyProcessHandles() 
{ 
    ULONG UniqueProcessId = GetCurrentProcessId(); 

    if (HANDLE hProcess = OpenProcess(MAXIMUM_ALLOWED, FALSE, UniqueProcessId)) 
    { 
     NTSTATUS status; 
     union { 
      PSYSTEM_HANDLE_INFORMATION_EX pshi; 
      PVOID buf; 
     }; 
     ULONG cb = 0x10000; 
     do 
     { 
      status = STATUS_INSUFFICIENT_RESOURCES; 

      if (buf = new UCHAR[cb += PAGE_SIZE]) 
      { 
       if (0 <= (status = ZwQuerySystemInformation(SystemExtendedHandleInformation, buf, cb, &cb))) 
       { 
        if (ULONG_PTR NumberOfHandles = pshi->NumberOfHandles) 
        { 

         SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX* Handles = pshi->Handles; 
         do 
         { 
          if (Handles->UniqueProcessId == UniqueProcessId && 
           Handles->HandleValue == (ULONG_PTR)hProcess) 
          { 
           PVOID Object = Handles->Object; 

           Handles = pshi->Handles; 
           NumberOfHandles = pshi->NumberOfHandles; 

           do 
           { 
            if (Handles->Object == Object && 
             Handles->UniqueProcessId != UniqueProcessId) 
            { 
             DbgPrint("%p %p %08x\n", 
              Handles->UniqueProcessId, 
              Handles->HandleValue, 
              Handles->GrantedAccess); 
            } 
           } while (Handles++, --NumberOfHandles); 

           break; 
          } 

         } while (Handles++, --NumberOfHandles); 
        } 
       } 
       delete [] buf; 
      } 
     } while (status == STATUS_INFO_LENGTH_MISMATCH); 

     CloseHandle(hProcess); 
    } 
}